No.1683
iPhone or Android? If you're on iPhone you're basically screwed. Now Android on the other hand…
Get the vendor delivered OS off your phone and switch to LineageOS. LineageOS is the open source variant of what used to be CyanogenMod and will be a much better choice. If your phone supports ReplicantOS you can use that as well, but the supported device list is much shorter than Lineage.
Switching to an alternative Android distribution will get you much faster security updates. Mine updates every Monday.
Do not install the Google Play bits, evenOpenGApps. Use F-Droid as your app store instead. This will ensure that you are getting open source software from your app store. Most apps can be replaced, see droid-break.info.
Don't link your Gmail account to your phone. Use a paid email provider instead. I use NeoMailbox, but ProtonMail or similar would work just as well.
When you're replacing your OS, make sure that you root the phone at the same time. Rooting your phone will allow you to install AdAway which is a hosts-file based ad and tracker blocking app. Plus, it gives you that extra level of control that you might want for other applications - install Termux and use your phone like a Linux machine.
No.4077
>>1682Shelter - allows non-rooted phones to leverage work profile mode to compartmentalize apps and isolate them from data
Net Guard - uses a local VPN to enforce network access policy on apps. You can prevent your pdf reader from having internet access easily this way.
No.4080
>>1683>[…] but ProtonMail or similar would work just as well.Protonmail depends on Google Play Services. I don't know if you could possibly use the mobile browser like Fennec to access Protonmail; that could be an option. AFAIK, however, you cannot download the Protonmail application on F-Droid.
Crazy to me. How can a service so bent on security depend on Google?
As far as Termux goes, it's a great app for things like… SSH'ing. From what I've been able to gather, that's /about/ it. Do you have any ideas for what it can be used for on android? It is quite a powerful tool, but there doesn't seem to be any laymans uses for it.
No.4081
currently the best we got is grapheneos on a pixel device.
see:
https://grapheneos.org/but it's still problematic. on normal computers you can spoof mac and be done with it. on mobile devices you have to worry about imei and spoofing it is illegal in some territories.
there's also librem 5 built on top of linux kernel. but we are yet to see how it will hold up in the real world.
https://puri.sm/products/librem-5/mobile security is better than what it was, but we are not 100% there yet imo.
No.4082
As Alice said above, GrapheneOS is your best bet for Android. Has a few hardening patches, avoids calling home as much as possible (captive portal and updates to GrapheneOS repo remaining iirc), and often gets updates faster than AOSP since AOSP pushes updates in waves delaying as long as a month. GrapheneOS usually updates within six hours of an AOSP update.
Other suggestions…
Use a VoIP service for calls you do not wish to tie to your number. Linphone and maybe VoIP.ms SMS to go with it.
Tor Browser for normal browsing, Bromite as backup, Vanadium if you need to do normal person stuff.
If you're a cheap bastard Riseup VPN is decent enough, otherwise OpenVPN. Do not allow connections without VPN.
For service use Mint Mobile for their excellent privacy policy.
Avoid using Bluetooth.
Choose one - use only Cellular, or only WiFi with WiFi calling enabled and always on Airplane Mode. Cons cellular only - susceptible to IMSI catchers, cellular tower tracking, carrier tracking. Cons WiFi only - connection point history, weak driver security, router MitM.
Separate your use-cases in profiles.
Install as few apps as possible.
No.4083
>>1682Crowdstrike has a report on mobile security which is interesting but not your threat model.
>https://www.crowdstrike.com/blog/mobile-threat-report-2019-trends-and-recommendations/Number one distribution mechanism for mobile malware is placing trojaned apps in google app store. Warnings about 3rd party app stores based on how easy it modify an APK are included. F-droid with open source apps might help mitogate risk of trojanized APK but depends on how big a detterent having source available is.
No.4085
You're best off using burners and not bothering trying to make typical devices safe. Telecom infrastructure is too locked down and surveilled for a device to circumvent much on its own, the cell towers can still get you even if you disable all the internet related tracking.
No.4145
The botnet isn't on the OS or the ARM part, it's in the radio chipset, you cannot remove it without remove 2G/3G/4G.